Account lockout

Account lockout is the most common issue in windows environment, I will discuss about the frequent account lock out issues and how to troubleshoot frequent account lockout issue

In a windows 2000/2003 domain environment if the password and account lockout policy enabled, then according to the lock out policy if the user wrongly type the password for more then 3 or 5 times, account will be lockout

It should be unlocked automatically another 30 min (depending on account lockout policy) for the frequent account lockout issue, follow the below account lockout troubleshoot steps

Check the lockoutevents.txt file for the affected user; you will be able to find the account lockout event, you able to find the system from which the account has been lockout

Causes:

• Check if your user ID is being used to start/stop some services on affected system
• Check your user ID is being logging on to multiple computers
• Check any application using your old password on affected system
• Check Any Persistent drive mappings using your old password
• Check for TS session with old password

4 thoughts on “Account lockout”

By the way, recently one of my Microsoft colleagures informed us about a cool FREE tool from a Microsoft partner, that offers over 50 super-helpful Active Directory security reports including which accounts are locked out, where all a user may have permissions etc.

So, there’s no more need to write any scripts and all to find the DN of locked accounts. You can just use this tool and it will automatically show you the DN of all locked accounts!

How are you? I came across your post while looking for free Active directory reporting tools on Account Lockout and True Last Logon.

Ganesh, I run a blog on a Free Active Directory Reporting Tools and if you know of any free True LAst Logon based tools, could you please let me know, so I could post it on my blog and share it with the entire community.

I’m looking for a third-party tool to identify and resolve all account lockouts. The only one I’ve evaluated so far is NetWrix Account Lockout Examiner, which is so far, so good—it identifies user lockouts, troubleshoots the issue and resolves the issue. Anyone have any other good recommendations that I can compare?